From a546e25e76678eeaa480f0700689889026812fc4 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@redhat.com>
Date: Mon, 14 Jan 2019 14:19:09 -0800
Subject: [PATCH] Delete change tags from docker image repos

Whenever we promote an image, delete the change tag for that image
in Docker Hub, and also delete any change tags older than 24 hours
in order to keep the Docker Hub image registry tidy.

Change-Id: Id4654c893963bdb0a364b1132793fe4fb152bf27
---
 docker/gitea/Dockerfile                       |  2 +-
 .../zuul/build-image/promote-delete-tag.yaml  | 20 +++++++++++++
 playbooks/zuul/build-image/promote-retag.yaml | 14 ++++++++--
 playbooks/zuul/build-image/promote.yaml       | 28 +++++++++++++------
 4 files changed, 52 insertions(+), 12 deletions(-)
 create mode 100644 playbooks/zuul/build-image/promote-delete-tag.yaml

diff --git a/docker/gitea/Dockerfile b/docker/gitea/Dockerfile
index d2299ba813..344b44301d 100644
--- a/docker/gitea/Dockerfile
+++ b/docker/gitea/Dockerfile
@@ -112,4 +112,4 @@ EXPOSE 22
 VOLUME ["/data"]
 ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/usr/sbin/sshd", "-D"]
-# this comment is here to perform a test run of the job...
\ No newline at end of file
+# this comment is here to perform a test run of the job....
diff --git a/playbooks/zuul/build-image/promote-delete-tag.yaml b/playbooks/zuul/build-image/promote-delete-tag.yaml
new file mode 100644
index 0000000000..d8435b4393
--- /dev/null
+++ b/playbooks/zuul/build-image/promote-delete-tag.yaml
@@ -0,0 +1,20 @@
+- name: List tags
+  uri:
+    url: "https://hub.docker.com/v2/repositories/{{ image.repository }}/tags?page_size=1000"
+    status_code: 200
+  register: tags
+- name: Set cutoff timestamp to 24 hours ago
+  command: "python3 -c \"import datetime; print((datetime.datetime.utcnow()-datetime.timedelta(days=1)).strftime('%Y-%m-%dT%H:%M:%fZ'))\""
+  register: cutoff
+- name: Delete all change tags older than the cutoff
+  no_log: true
+  loop: "{{ tags.json.results }}"
+  loop_control:
+    loop_var: docker_tag
+  when: docker_tag.last_updated < cutoff.stdout and docker_tag.name.startswith('change_')
+  uri:
+    url: "https://hub.docker.com/v2/repositories/{{ image.repository }}/tags/{{ docker_tag.name }}/"
+    method: DELETE
+    status_code: 204
+    headers:
+      Authorization: "JWT {{ jwt_token.json.token }}"
diff --git a/playbooks/zuul/build-image/promote-retag.yaml b/playbooks/zuul/build-image/promote-retag.yaml
index 132e75a04e..77b611ac8b 100644
--- a/playbooks/zuul/build-image/promote-retag.yaml
+++ b/playbooks/zuul/build-image/promote-retag.yaml
@@ -1,7 +1,7 @@
 - name: Get dockerhub token
   no_log: true
   uri:
-    url: "https://auth.docker.io/token?service=registry.docker.io&scope=repository:{{image.repository}}:pull,push"
+    url: "https://auth.docker.io/token?service=registry.docker.io&scope=repository:{{ image.repository }}:pull,push"
     user: "{{ credentials.username }}"
     password: "{{ credentials.password }}"
     force_basic_auth: true
@@ -9,7 +9,7 @@
 - name: Get manifest
   no_log: true
   uri:
-    url: "https://registry.hub.docker.com/v2/{{image.repository}}/manifests/change_{{zuul.change}}"
+    url: "https://registry.hub.docker.com/v2/{{ image.repository }}/manifests/change_{{ zuul.change }}"
     status_code: 200
     headers:
       Accept: "application/vnd.docker.distribution.manifestv2+json"
@@ -22,10 +22,18 @@
   loop_control:
     loop_var: new_tag
   uri:
-    url: "https://registry.hub.docker.com/v2/{{image.repository}}/manifests/{{ new_tag }}"
+    url: "https://registry.hub.docker.com/v2/{{ image.repository }}/manifests/{{ new_tag }}"
     method: PUT
     status_code: 201
     body: "{{ manifest.content | string }}"
     headers:
       Content-Type: "application/vnd.docker.distribution.manifestv2+json"
       Authorization: "Bearer {{ token.json.token }}"
+- name: Delete the current change tag
+  no_log: true
+  uri:
+    url: "https://hub.docker.com/v2/repositories/{{ image.repository }}/tags/change_{{ zuul.change }}/"
+    method: DELETE
+    status_code: 204
+    headers:
+      Authorization: "JWT {{ jwt_token.json.token }}"
diff --git a/playbooks/zuul/build-image/promote.yaml b/playbooks/zuul/build-image/promote.yaml
index 04858ab27d..ce7467dc6f 100644
--- a/playbooks/zuul/build-image/promote.yaml
+++ b/playbooks/zuul/build-image/promote.yaml
@@ -1,10 +1,22 @@
 - hosts: localhost
   tasks:
-    - name: Promote dockerhub image
-      when: credentials is defined
-      block:
-        - name: Promote image
-          loop: "{{ images }}"
-          loop_control:
-            loop_var: image
-          include_tasks: promote-retag.yaml
+    # This is used by the delete tasks
+    - name: Get dockerhub JWT token
+      no_log: true
+      uri:
+        url: "https://hub.docker.com/v2/users/login/"
+        body_format: json
+        body:
+          username: "{{ credentials.username }}"
+          password: "{{ credentials.password }}"
+      register: jwt_token
+    - name: Promote image
+      loop: "{{ images }}"
+      loop_control:
+        loop_var: image
+      include_tasks: promote-retag.yaml
+    - name: Delete obsolete tags
+      loop: "{{ images }}"
+      loop_control:
+        loop_var: image
+      include_tasks: promote-delete-tag.yaml